Interpretable and adversarially-resistant behavioral malware signatures


Research field: Safety



Venue: SAC '20: Proceedings of the 35th Annual ACM Symposium on Applied Computing


Abstract

Machine learning based techniques have been widely applied to dynamic malware analysis. However, such techniques largely complicate the understanding of predicted results due to their algorithm complexity. The situation becomes even worse with the application of deep learning techniques, which usually include complex architectures with multiple layers of transformations. In addition, most learning-based approaches are potentially vulnerable to behavior transformation attacks. We propose a novel design of behavior-based malware signature, which achieves both the resistance against behavioral transformation and the ease of behavior interpretation. Our design mainly relies on the construction of behavioral signatures, obtained from unsupervised machine learning algorithms, and without requiring any expert knowledge. The behavioral signatures are then used as features for classification tasks. In contrast with prior learning-based works, our signatures provide straightforwardly interpretable information about the decision of classification. Analyzing several real-life malware samples with our signatures, we highlight very characteristic behaviors of some well-known malware families. In standard classification tasks, experiments show that we obtain comparable performances with respect to state-of-the-art techniques. Different to other classification techniques, our experiments demonstrate that our signature representation is resistant against behavioral transformations without affecting the interpretability of the results.


Author Profile
Xiao Han

Orange Labs

Author Profile
Baptiste Olivier

Orange Labs


Paper information

Publication year: 2020
Citations: 5
Country of publication:
Site: ACM